combofix log.


This topic is locked
15 replies to this topic

#1 jayw1966

  • Members
  • 9 posts

Posted 28 February 2012 - 11:36 AM

Hi, I have recently been badly infected with lots of trojans and other malware. I seem to have got rid of them as far as I can tell, using as many removal tools as I could and lots of time! I came across your site after I'd got the system apparently clean, but I'm not entirely convinced.

I originally had a fake alert type virus that faked my hard drive crashing and wanted some money to fix it. It took all my desktop and start menu files away and any number of other things. I managed to get my desktop back and have removed trojans with Malwarebytes, Kaspersky's virus removal tool and Avira antivirus.

My laptop was running at full memory until I got these trojans off and was constantly trying to connect to malicious sites according to Malwarebytes. Svchost.exe was taking up all my memory too. Both seem to be better now, but seeing how well hidden these threats are I'd like to see what my log reveals.

I had already done a combofix log before I noticed the bit about not doing one until told. I'm running xp sp3. Any help would be greatly appreciated.

Thanks in advance Jay.


#2 nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 02 March 2012 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There will also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 jayw1966

  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2012 - 05:38 PM

Hi, thanks for your reply and help. I had already done the TDSSKiller scan, so I have posted the original log I did a few days ago and the one I've just done.

Cheers Jay.

22:36:12.0750 0956 ialm - ok
22:36:12.0796 0956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:36:12.0796 0956 Imapi - ok
22:36:12.0890 0956 ini910u - ok
22:36:12.0953 0956 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:36:12.0953 0956 IntelIde - ok
22:36:13.0046 0956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:36:13.0046 0956 intelppm - ok
22:36:13.0109 0956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:36:13.0109 0956 Ip6Fw - ok
22:36:13.0171 0956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:36:13.0171 0956 IpFilterDriver - ok
22:36:13.0203 0956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:36:13.0218 0956 IpInIp - ok
22:36:13.0281 0956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:36:13.0281 0956 IpNat - ok
22:36:13.0375 0956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:36:13.0375 0956 IPSec - ok
22:36:13.0390 0956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:36:13.0390 0956 IRENUM - ok
22:36:13.0437 0956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:36:13.0437 0956 isapnp - ok
22:36:13.0468 0956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:36:13.0484 0956 Kbdclass - ok
22:36:13.0531 0956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:36:13.0531 0956 kmixer - ok
22:36:13.0625 0956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:36:13.0625 0956 KSecDD - ok
22:36:13.0671 0956 lbrtfdc - ok
22:36:13.0781 0956 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:36:13.0781 0956 MBAMProtector - ok
22:36:13.0875 0956 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:36:13.0890 0956 mdmxsdk - ok
22:36:13.0984 0956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:36:13.0984 0956 mnmdd - ok
22:36:14.0046 0956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:36:14.0046 0956 Modem - ok
22:36:14.0093 0956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:36:14.0093 0956 Mouclass - ok
22:36:14.0171 0956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:36:14.0171 0956 mouhid - ok
22:36:14.0265 0956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:36:14.0265 0956 MountMgr - ok
22:36:14.0296 0956 mraid35x - ok
22:36:14.0343 0956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:36:14.0359 0956 MRxDAV - ok
22:36:14.0515 0956 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:36:14.0531 0956 MRxSmb - ok
22:36:14.0578 0956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:36:14.0593 0956 Msfs - ok
22:36:14.0640 0956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:36:14.0656 0956 MSKSSRV - ok
22:36:14.0671 0956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:36:14.0671 0956 MSPCLOCK - ok
22:36:14.0703 0956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:36:14.0703 0956 MSPQM - ok
22:36:14.0750 0956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:36:14.0750 0956 mssmbios - ok
22:36:14.0828 0956 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:36:14.0828 0956 Mup - ok
22:36:14.0875 0956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:36:14.0875 0956 NDIS - ok
22:36:14.0937 0956 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:36:14.0937 0956 NdisTapi - ok
22:36:14.0984 0956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:36:14.0984 0956 Ndisuio - ok
22:36:15.0078 0956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:36:15.0093 0956 NdisWan - ok
22:36:15.0140 0956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:36:15.0156 0956 NDProxy - ok
22:36:15.0250 0956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:36:15.0250 0956 NetBIOS - ok
22:36:15.0281 0956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:36:15.0296 0956 NetBT - ok
22:36:15.0375 0956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:36:15.0375 0956 Npfs - ok
22:36:15.0437 0956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:36:15.0453 0956 Ntfs - ok
22:36:15.0515 0956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:36:15.0515 0956 Null - ok
22:36:15.0609 0956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:36:15.0625 0956 NwlnkFlt - ok
22:36:15.0640 0956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:36:15.0640 0956 NwlnkFwd - ok
22:36:15.0640 0956 Suspicious service (NoAccess): ogokrzgrv
22:36:15.0703 0956 OMCI (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
22:36:15.0703 0956 OMCI - ok
22:36:15.0781 0956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:36:15.0781 0956 Parport - ok
22:36:15.0843 0956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:36:15.0843 0956 PartMgr - ok
22:36:15.0859 0956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:36:15.0859 0956 ParVdm - ok
22:36:15.0906 0956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:36:15.0906 0956 PCI - ok
22:36:15.0937 0956 PCIDump - ok
22:36:16.0000 0956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:36:16.0000 0956 PCIIde - ok
22:36:16.0062 0956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:36:16.0062 0956 Pcmcia - ok
22:36:16.0093 0956 PDCOMP - ok
22:36:16.0109 0956 PDFRAME - ok
22:36:16.0140 0956 PDRELI - ok
22:36:16.0156 0956 PDRFRAME - ok
22:36:16.0171 0956 perc2 - ok
22:36:16.0203 0956 perc2hib - ok
22:36:16.0281 0956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:36:16.0281 0956 PptpMiniport - ok
22:36:16.0328 0956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:36:16.0328 0956 PSched - ok
22:36:16.0406 0956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:36:16.0406 0956 Ptilink - ok
22:36:16.0453 0956 ql1080 - ok
22:36:16.0484 0956 Ql10wnt - ok
22:36:16.0515 0956 ql12160 - ok
22:36:16.0531 0956 ql1240 - ok
22:36:16.0546 0956 ql1280 - ok
22:36:16.0640 0956 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys
22:36:16.0640 0956 RapportBuka - ok
22:36:16.0843 0956 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
22:36:16.0843 0956 RapportCerberus_34302 - ok
22:36:17.0015 0956 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
22:36:17.0015 0956 RapportEI - ok
22:36:17.0093 0956 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
22:36:17.0093 0956 RapportIaso - ok
22:36:17.0234 0956 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
22:36:17.0234 0956 RapportKELL - ok
22:36:17.0296 0956 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
22:36:17.0296 0956 RapportPG - ok
22:36:17.0343 0956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:36:17.0343 0956 RasAcd - ok
22:36:17.0406 0956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:36:17.0406 0956 Rasl2tp - ok
22:36:17.0437 0956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:36:17.0453 0956 RasPppoe - ok
22:36:17.0484 0956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:36:17.0484 0956 Raspti - ok
22:36:17.0531 0956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:36:17.0531 0956 Rdbss - ok
22:36:17.0562 0956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:36:17.0562 0956 RDPCDD - ok
22:36:17.0640 0956 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:36:17.0640 0956 RDPWD - ok
22:36:17.0687 0956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:36:17.0687 0956 redbook - ok
22:36:17.0906 0956 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:36:17.0906 0956 SASDIFSV - ok
22:36:17.0968 0956 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:36:17.0968 0956 SASKUTIL - ok
22:36:18.0171 0956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:36:18.0171 0956 Secdrv - ok
22:36:18.0265 0956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:36:18.0265 0956 Serial - ok
22:36:18.0296 0956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:36:18.0312 0956 Sfloppy - ok
22:36:18.0343 0956 Simbad - ok
22:36:18.0375 0956 Sparrow - ok
22:36:18.0406 0956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:36:18.0421 0956 splitter - ok
22:36:18.0453 0956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:36:18.0453 0956 sr - ok
22:36:18.0546 0956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:36:18.0546 0956 Srv - ok
22:36:18.0625 0956 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:36:18.0625 0956 ssmdrv - ok
22:36:18.0812 0956 STAC97 (19fcec67aaffab07ba358860a602cb4a) C:\WINDOWS\system32\drivers\STAC97.sys
22:36:18.0812 0956 STAC97 - ok
22:36:18.0906 0956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:36:18.0906 0956 swenum - ok
22:36:18.0937 0956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:36:18.0937 0956 swmidi - ok
22:36:18.0968 0956 symc810 - ok
22:36:18.0984 0956 symc8xx - ok
22:36:19.0015 0956 sym_hi - ok
22:36:19.0031 0956 sym_u3 - ok
22:36:19.0078 0956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:36:19.0078 0956 sysaudio - ok
22:36:19.0171 0956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:36:19.0171 0956 Tcpip - ok
22:36:19.0234 0956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:36:19.0234 0956 TDPIPE - ok
22:36:19.0250 0956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:36:19.0265 0956 TDTCP - ok
22:36:19.0281 0956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:36:19.0281 0956 TermDD - ok
22:36:19.0312 0956 TosIde - ok
22:36:19.0390 0956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:36:19.0390 0956 Udfs - ok
22:36:19.0406 0956 UIUSys - ok
22:36:19.0437 0956 ultra - ok
22:36:19.0484 0956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:36:19.0484 0956 Update - ok
22:36:19.0546 0956 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:36:19.0546 0956 USBAAPL - ok
22:36:19.0718 0956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:36:19.0718 0956 usbccgp - ok
22:36:19.0734 0956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:36:19.0750 0956 usbehci - ok
22:36:19.0781 0956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:36:19.0781 0956 usbhub - ok
22:36:19.0859 0956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:36:19.0859 0956 usbprint - ok
22:36:19.0906 0956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:36:19.0921 0956 usbscan - ok
22:36:19.0968 0956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:36:19.0968 0956 USBSTOR - ok
22:36:20.0015 0956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:36:20.0015 0956 usbuhci - ok
22:36:20.0078 0956 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:36:20.0078 0956 usb_rndisx - ok
22:36:20.0140 0956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:36:20.0140 0956 VgaSave - ok
22:36:20.0234 0956 ViaIde - ok
22:36:20.0281 0956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:36:20.0281 0956 VolSnap - ok
22:36:20.0375 0956 waclient (d87fd3fac4d99a3d471e101c3d7d30ba) C:\WINDOWS\system32\drivers\waclient.sys
22:36:20.0390 0956 waclient - ok
22:36:20.0437 0956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:36:20.0437 0956 Wanarp - ok
22:36:20.0500 0956 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:36:20.0515 0956 Wdf01000 - ok
22:36:20.0531 0956 WDICA - ok
22:36:20.0578 0956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:36:20.0578 0956 wdmaud - ok
22:36:20.0687 0956 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:36:20.0687 0956 winachsf - ok
22:36:20.0859 0956 xcpip - ok
22:36:20.0890 0956 xpsec - ok
22:36:20.0937 0956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:36:21.0203 0956 \Device\Harddisk0\DR0 - ok
22:36:21.0218 0956 Boot (0x1200) (1f17a448c2a860740c53342023a1d136) \Device\Harddisk0\DR0\Partition0
22:36:21.0218 0956 \Device\Harddisk0\DR0\Partition0 - ok
22:36:21.0218 0956 ============================================================
22:36:21.0218 0956 Scan finished
22:36:21.0218 0956 ============================================================
22:36:21.0234 0404 Detected object count: 0
22:36:21.0234 0404 Actual detected object count: 0
22:36:38.0171 1312 ============================================================
22:36:38.0171 1312 Scan started
22:36:38.0171 1312 Mode: Manual; SigCheck; TDLFS;
22:36:38.0171 1312 ============================================================
22:36:38.0359 1312 Scan interrupted by user!
22:36:38.0359 1312 Scan interrupted by user!
22:36:38.0359 1312 Scan interrupted by user!
22:36:38.0359 1312 ============================================================
22:36:38.0359 1312 Scan finished
22:36:38.0359 1312 ============================================================
22:36:38.0375 2468 Detected object count: 0
22:36:38.0375 2468 Actual detected object count: 0
22:36:40.0640 3452 ============================================================
22:36:40.0640 3452 Scan started
22:36:40.0640 3452 Mode: Manual; SigCheck; TDLFS;
22:36:40.0640 3452 ============================================================
22:36:40.0937 3452 81524076 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\81524076.sys
22:36:41.0296 3452 81524076 - ok
22:36:41.0328 3452 Abiosdsk - ok
22:36:41.0359 3452 abp480n5 - ok
22:36:41.0421 3452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:36:43.0171 3452 ACPI - ok
22:36:43.0359 3452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:36:43.0578 3452 ACPIEC - ok
22:36:43.0593 3452 adpu160m - ok
22:36:43.0671 3452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:36:43.0890 3452 aec - ok
22:36:43.0953 3452 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:36:43.0968 3452 AegisP ( UnsignedFile.Multi.Generic ) - warning
22:36:43.0968 3452 AegisP - detected UnsignedFile.Multi.Generic (1)
22:36:44.0062 3452 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:36:44.0140 3452 AFD - ok
22:36:44.0250 3452 Aha154x - ok
22:36:44.0265 3452 aic78u2 - ok
22:36:44.0281 3452 aic78xx - ok
22:36:44.0312 3452 AliIde - ok
22:36:44.0328 3452 amsint - ok
22:36:44.0375 3452 asc - ok
22:36:44.0390 3452 asc3350p - ok
22:36:44.0437 3452 asc3550 - ok
22:36:44.0484 3452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:36:44.0703 3452 AsyncMac - ok
22:36:44.0765 3452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:36:44.0968 3452 atapi - ok
22:36:44.0984 3452 Atdisk - ok
22:36:45.0046 3452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:36:45.0281 3452 Atmarpc - ok
22:36:45.0343 3452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:36:45.0578 3452 audstub - ok
22:36:45.0718 3452 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:36:45.0734 3452 avgio - ok
22:36:45.0859 3452 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:36:45.0890 3452 avgntflt - ok
22:36:45.0968 3452 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:36:46.0000 3452 avipbb - ok
22:36:46.0078 3452 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:36:46.0187 3452 BCM43XX - ok
22:36:46.0234 3452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:36:46.0468 3452 Beep - ok
22:36:46.0578 3452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:36:46.0828 3452 cbidf2k - ok
22:36:46.0843 3452 cd20xrnt - ok
22:36:46.0921 3452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:36:47.0140 3452 Cdaudio - ok
22:36:47.0343 3452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:36:47.0593 3452 Cdfs - ok
22:36:47.0656 3452 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:36:47.0859 3452 Cdrom - ok
22:36:47.0906 3452 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
22:36:47.0937 3452 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
22:36:47.0937 3452 cercsr6 - detected UnsignedFile.Multi.Generic (1)
22:36:47.0953 3452 Changer - ok
22:36:48.0000 3452 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:36:48.0218 3452 CmBatt - ok
22:36:48.0234 3452 CmdIde - ok
22:36:48.0281 3452 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:36:48.0500 3452 Compbatt - ok
22:36:48.0531 3452 Cpqarray - ok
22:36:48.0562 3452 dac2w2k - ok
22:36:48.0578 3452 dac960nt - ok
22:36:48.0609 3452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:36:48.0828 3452 Disk - ok
22:36:48.0921 3452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:36:49.0171 3452 dmboot - ok
22:36:49.0359 3452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:36:49.0578 3452 dmio - ok
22:36:49.0625 3452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:36:49.0843 3452 dmload - ok
22:36:49.0890 3452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:36:50.0125 3452 DMusic - ok
22:36:50.0171 3452 dpti2o - ok
22:36:50.0203 3452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:36:50.0390 3452 drmkaud - ok
22:36:50.0468 3452 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:36:50.0546 3452 E100B - ok
22:36:50.0625 3452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:36:50.0859 3452 Fastfat - ok
22:36:51.0062 3452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:36:51.0265 3452 Fdc - ok
22:36:51.0296 3452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:36:51.0531 3452 Fips - ok
22:36:51.0578 3452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:36:51.0796 3452 Flpydisk - ok
22:36:51.0843 3452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:36:52.0062 3452 FltMgr - ok
22:36:52.0125 3452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:36:52.0328 3452 Fs_Rec - ok
22:36:52.0359 3452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:36:52.0562 3452 Ftdisk - ok
22:36:52.0578 3452 g8zd3c.sys - ok
22:36:52.0656 3452 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:36:52.0687 3452 GEARAspiWDM - ok
22:36:52.0718 3452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:36:52.0937 3452 Gpc - ok
22:36:53.0046 3452 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:36:53.0265 3452 HidUsb - ok
22:36:53.0281 3452 hpn - ok
22:36:53.0359 3452 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
22:36:53.0406 3452 HSFHWICH - ok
22:36:53.0593 3452 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:36:53.0703 3452 HSF_DP - ok
22:36:53.0843 3452 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
22:36:53.0906 3452 HTCAND32 - ok
22:36:53.0968 3452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:36:54.0031 3452 HTTP - ok
22:36:54.0062 3452 i2omgmt - ok
22:36:54.0078 3452 i2omp - ok
22:36:54.0171 3452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:36:54.0390 3452 i8042prt - ok
22:36:54.0500 3452 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:36:54.0625 3452 ialm - ok
22:36:54.0765 3452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:36:54.0968 3452 Imapi - ok
22:36:55.0000 3452 ini910u - ok
22:36:55.0062 3452 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:36:55.0265 3452 IntelIde - ok
22:36:55.0312 3452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:36:55.0531 3452 intelppm - ok
22:36:55.0609 3452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:36:55.0843 3452 Ip6Fw - ok
22:36:55.0890 3452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:36:56.0125 3452 IpFilterDriver - ok
22:36:56.0140 3452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:36:56.0359 3452 IpInIp - ok
22:36:56.0406 3452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:36:56.0625 3452 IpNat - ok
22:36:56.0750 3452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:36:56.0968 3452 IPSec - ok
22:36:57.0062 3452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:36:57.0171 3452 IRENUM - ok
22:36:57.0218 3452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:36:57.0437 3452 isapnp - ok
22:36:57.0468 3452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:36:57.0687 3452 Kbdclass - ok
22:36:57.0750 3452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:36:57.0968 3452 kmixer - ok
22:36:58.0031 3452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:36:58.0140 3452 KSecDD - ok
22:36:58.0250 3452 lbrtfdc - ok
22:36:58.0375 3452 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:36:58.0390 3452 MBAMProtector - ok
22:36:58.0484 3452 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:36:58.0531 3452 mdmxsdk - ok
22:36:58.0609 3452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:36:58.0828 3452 mnmdd - ok
22:36:58.0890 3452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:36:59.0109 3452 Modem - ok
22:36:59.0125 3452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:36:59.0343 3452 Mouclass - ok
22:36:59.0515 3452 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:36:59.0734 3452 mouhid - ok
22:36:59.0765 3452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:36:59.0984 3452 MountMgr - ok
22:37:00.0015 3452 mraid35x - ok
22:37:00.0062 3452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:37:00.0281 3452 MRxDAV - ok
22:37:00.0375 3452 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:37:00.0515 3452 MRxSmb - ok
22:37:00.0609 3452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:37:00.0843 3452 Msfs - ok
22:37:00.0968 3452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:37:01.0171 3452 MSKSSRV - ok
22:37:01.0218 3452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:37:01.0453 3452 MSPCLOCK - ok
22:37:01.0531 3452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:37:01.0750 3452 MSPQM - ok
22:37:01.0796 3452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:37:02.0000 3452 mssmbios - ok
22:37:02.0109 3452 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:37:02.0187 3452 Mup - ok
22:37:02.0250 3452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:37:02.0453 3452 NDIS - ok
22:37:02.0578 3452 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:37:02.0640 3452 NdisTapi - ok
22:37:02.0796 3452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:37:03.0015 3452 Ndisuio - ok
22:37:03.0078 3452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:37:03.0296 3452 NdisWan - ok
22:37:03.0390 3452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:37:03.0453 3452 NDProxy - ok
22:37:03.0531 3452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:37:03.0750 3452 NetBIOS - ok
22:37:03.0921 3452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:37:04.0156 3452 NetBT - ok
22:37:04.0218 3452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:37:04.0437 3452 Npfs - ok
22:37:04.0484 3452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:37:04.0750 3452 Ntfs - ok
22:37:04.0828 3452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:37:05.0046 3452 Null - ok
22:37:05.0156 3452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:37:05.0359 3452 NwlnkFlt - ok
22:37:05.0484 3452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:37:05.0687 3452 NwlnkFwd - ok
22:37:05.0703 3452 Suspicious service (NoAccess): ogokrzgrv
22:37:05.0765 3452 OMCI (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
22:37:05.0781 3452 OMCI ( UnsignedFile.Multi.Generic ) - warning
22:37:05.0781 3452 OMCI - detected UnsignedFile.Multi.Generic (1)
22:37:05.0875 3452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:37:06.0093 3452 Parport - ok
22:37:06.0125 3452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:37:06.0343 3452 PartMgr - ok
22:37:06.0375 3452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:37:06.0609 3452 ParVdm - ok
22:37:06.0656 3452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:37:06.0859 3452 PCI - ok
22:37:06.0906 3452 PCIDump - ok
22:37:06.0984 3452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:37:07.0203 3452 PCIIde - ok
22:37:07.0359 3452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:37:07.0562 3452 Pcmcia - ok
22:37:07.0593 3452 PDCOMP - ok
22:37:07.0609 3452 PDFRAME - ok
22:37:07.0625 3452 PDRELI - ok
22:37:07.0656 3452 PDRFRAME - ok
22:37:07.0671 3452 perc2 - ok
22:37:07.0703 3452 perc2hib - ok
22:37:07.0781 3452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:37:08.0062 3452 PptpMiniport - ok
22:37:08.0109 3452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:37:08.0328 3452 PSched - ok
22:37:08.0375 3452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:37:08.0593 3452 Ptilink - ok
22:37:08.0640 3452 ql1080 - ok
22:37:08.0656 3452 Ql10wnt - ok
22:37:08.0687 3452 ql12160 - ok
22:37:08.0703 3452 ql1240 - ok
22:37:08.0718 3452 ql1280 - ok
22:37:08.0828 3452 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\WINDOWS\system32\drivers\RapportBuka.sys
22:37:08.0890 3452 RapportBuka ( UnsignedFile.Multi.Generic ) - warning
22:37:08.0890 3452 RapportBuka - detected UnsignedFile.Multi.Generic (1)
22:37:09.0093 3452 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
22:37:09.0125 3452 RapportCerberus_34302 - ok
22:37:09.0312 3452 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
22:37:09.0343 3452 RapportEI - ok
22:37:09.0406 3452 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
22:37:09.0437 3452 RapportIaso - ok
22:37:09.0578 3452 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
22:37:09.0593 3452 RapportKELL - ok
22:37:09.0703 3452 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
22:37:09.0718 3452 RapportPG - ok
22:37:09.0765 3452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:37:10.0000 3452 RasAcd - ok
22:37:10.0062 3452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:37:10.0296 3452 Rasl2tp - ok
22:37:10.0343 3452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:37:10.0546 3452 RasPppoe - ok
22:37:10.0609 3452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:37:10.0828 3452 Raspti - ok
22:37:10.0968 3452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:37:11.0203 3452 Rdbss - ok
22:37:11.0265 3452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:37:11.0468 3452 RDPCDD - ok
22:37:11.0562 3452 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:37:11.0609 3452 RDPWD - ok
22:37:11.0671 3452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:37:11.0890 3452 redbook - ok
22:37:12.0125 3452 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:37:12.0140 3452 SASDIFSV - ok
22:37:12.0203 3452 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:37:12.0218 3452 SASKUTIL - ok
22:37:12.0468 3452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:37:12.0609 3452 Secdrv - ok
22:37:12.0703 3452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:37:12.0906 3452 Serial - ok
22:37:12.0953 3452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:37:13.0203 3452 Sfloppy - ok
22:37:13.0234 3452 Simbad - ok
22:37:13.0265 3452 Sparrow - ok
22:37:13.0312 3452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:37:13.0515 3452 splitter - ok
22:37:13.0578 3452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:37:13.0687 3452 sr - ok
22:37:13.0781 3452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:37:13.0890 3452 Srv - ok
22:37:13.0968 3452 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:37:13.0984 3452 ssmdrv - ok
22:37:14.0062 3452 STAC97 (19fcec67aaffab07ba358860a602cb4a) C:\WINDOWS\system32\drivers\STAC97.sys
22:37:14.0140 3452 STAC97 - ok
22:37:14.0296 3452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:37:14.0484 3452 swenum - ok
22:37:14.0546 3452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:37:14.0765 3452 swmidi - ok
22:37:14.0828 3452 symc810 - ok
22:37:14.0859 3452 symc8xx - ok
22:37:14.0906 3452 sym_hi - ok
22:37:14.0937 3452 sym_u3 - ok
22:37:14.0984 3452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:37:15.0203 3452 sysaudio - ok
22:37:15.0328 3452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:37:15.0468 3452 Tcpip - ok
22:37:15.0656 3452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:37:15.0875 3452 TDPIPE - ok
22:37:15.0890 3452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:37:16.0093 3452 TDTCP - ok
22:37:16.0140 3452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:37:16.0359 3452 TermDD - ok
22:37:16.0390 3452 TosIde - ok
22:37:16.0437 3452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:37:16.0656 3452 Udfs - ok
22:37:16.0687 3452 UIUSys - ok
22:37:16.0703 3452 ultra - ok
22:37:16.0750 3452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:37:17.0015 3452 Update - ok
22:37:17.0078 3452 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:37:17.0109 3452 USBAAPL - ok
22:37:17.0296 3452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:37:17.0500 3452 usbccgp - ok
22:37:17.0546 3452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:37:17.0765 3452 usbehci - ok
22:37:17.0828 3452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:37:18.0031 3452 usbhub - ok
22:37:18.0093 3452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:37:18.0312 3452 usbprint - ok
22:37:18.0343 3452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:37:18.0578 3452 usbscan - ok
22:37:18.0750 3452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:37:19.0000 3452 USBSTOR - ok
22:37:19.0031 3452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:37:19.0250 3452 usbuhci - ok
22:37:19.0328 3452 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:37:19.0531 3452 usb_rndisx - ok
22:37:19.0718 3452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:37:19.0937 3452 VgaSave - ok
22:37:19.0953 3452 ViaIde - ok
22:37:20.0000 3452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:37:20.0203 3452 VolSnap - ok
22:37:20.0312 3452 waclient (d87fd3fac4d99a3d471e101c3d7d30ba) C:\WINDOWS\system32\drivers\waclient.sys
22:37:20.0328 3452 waclient - ok
22:37:20.0359 3452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:37:20.0578 3452 Wanarp - ok
22:37:20.0640 3452 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:37:20.0687 3452 Wdf01000 - ok
22:37:20.0703 3452 WDICA - ok
22:37:20.0750 3452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:37:21.0015 3452 wdmaud - ok
22:37:21.0203 3452 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:37:21.0265 3452 winachsf - ok
22:37:21.0359 3452 xcpip - ok
22:37:21.0390 3452 xpsec - ok
22:37:21.0437 3452 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:37:21.0812 3452 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:37:21.0812 3452 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:37:21.0812 3452 Boot (0x1200) (1f17a448c2a860740c53342023a1d136) \Device\Harddisk0\DR0\Partition0
22:37:21.0828 3452 \Device\Harddisk0\DR0\Partition0 - ok
22:37:21.0828 3452 ============================================================
22:37:21.0828 3452 Scan finished
22:37:21.0828 3452 ============================================================
22:37:21.0953 3492 Detected object count: 5
22:37:21.0953 3492 Actual detected object count: 5
22:38:10.0843 3492 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
22:38:10.0906 3492 HKLM\SYSTEM\ControlSet002\services\AegisP - will be deleted on reboot
22:38:10.0937 3492 HKLM\SYSTEM\ControlSet004\services\AegisP - will be deleted on reboot
22:38:10.0937 3492 HKLM\SYSTEM\ControlSet005\services\AegisP - will be deleted on reboot
22:38:10.0953 3492 C:\WINDOWS\system32\DRIVERS\AegisP.sys - will be deleted on reboot
22:38:10.0953 3492 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:38:11.0093 3492 C:\WINDOWS\system32\drivers\cercsr6.sys - copied to quarantine
22:38:11.0093 3492 HKLM\SYSTEM\ControlSet002\services\cercsr6 - will be deleted on reboot
22:38:11.0093 3492 HKLM\SYSTEM\ControlSet004\services\cercsr6 - will be deleted on reboot
22:38:11.0093 3492 HKLM\SYSTEM\ControlSet005\services\cercsr6 - will be deleted on reboot
22:38:11.0093 3492 C:\WINDOWS\system32\drivers\cercsr6.sys - will be deleted on reboot
22:38:11.0093 3492 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:38:11.0171 3492 C:\WINDOWS\system32\DRIVERS\omci.sys - copied to quarantine
22:38:11.0203 3492 HKLM\SYSTEM\ControlSet001\services\OMCI - will be deleted on reboot
22:38:11.0234 3492 HKLM\SYSTEM\ControlSet002\services\OMCI - will be deleted on reboot
22:38:11.0250 3492 HKLM\SYSTEM\ControlSet003\services\OMCI - will be deleted on reboot
22:38:11.0250 3492 HKLM\SYSTEM\ControlSet004\services\OMCI - will be deleted on reboot
22:38:11.0250 3492 HKLM\SYSTEM\ControlSet005\services\OMCI - will be deleted on reboot
22:38:11.0250 3492 C:\WINDOWS\system32\DRIVERS\omci.sys - will be deleted on reboot
22:38:11.0250 3492 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:38:11.0406 3492 C:\WINDOWS\system32\drivers\RapportBuka.sys - copied to quarantine
22:38:11.0406 3492 HKLM\SYSTEM\ControlSet001\services\RapportBuka - will be deleted on reboot
22:38:11.0437 3492 HKLM\SYSTEM\ControlSet002\services\RapportBuka - will be deleted on reboot
22:38:11.0437 3492 HKLM\SYSTEM\ControlSet003\services\RapportBuka - will be deleted on reboot
22:38:11.0437 3492 HKLM\SYSTEM\ControlSet004\services\RapportBuka - will be deleted on reboot
22:38:11.0437 3492 HKLM\SYSTEM\ControlSet005\services\RapportBuka - will be deleted on reboot
22:38:11.0453 3492 C:\WINDOWS\system32\drivers\RapportBuka.sys - will be deleted on reboot
22:38:11.0453 3492 RapportBuka ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:38:11.0578 3492 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:38:11.0593 3492 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:38:11.0640 3492 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:38:11.0656 3492 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:38:11.0687 3492 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:38:11.0703 3492 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:38:11.0765 3492 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:38:11.0781 3492 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:38:11.0812 3492 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:38:11.0843 3492 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:38:11.0843 3492 \Device\Harddisk0\DR0\TDLFS - deleted
22:38:11.0843 3492 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
22:38:39.0687 3472 Deinitialize success

Log from today,

20:59:15.0984 1168 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
20:59:16.0202 1168 ============================================================
20:59:16.0202 1168 Current date / time: 2012/03/03 20:59:16.0202
20:59:16.0202 1168 SystemInfo:
20:59:16.0202 1168
20:59:16.0202 1168 OS Version: 5.1.2600 ServicePack: 3.0
20:59:16.0202 1168 Product type: Workstation
20:59:16.0202 1168 ComputerName: LAPTOP
20:59:16.0202 1168 UserName: helen
20:59:16.0202 1168 Windows directory: C:\WINDOWS
20:59:16.0202 1168 System windows directory: C:\WINDOWS
20:59:16.0202 1168 Processor architecture: Intel x86
20:59:16.0202 1168 Number of processors: 1
20:59:16.0202 1168 Page size: 0x1000
20:59:16.0202 1168 Boot type: Normal boot
20:59:16.0202 1168 ============================================================
20:59:19.0609 1168 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:59:19.0609 1168 \Device\Harddisk0\DR0:
20:59:19.0609 1168 MBR used
20:59:19.0609 1168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x44DA00E
20:59:19.0718 1168 Initialize success
20:59:19.0718 1168 ============================================================
20:59:37.0781 3792 ============================================================
20:59:37.0781 3792 Scan started
20:59:37.0781 3792 Mode: Manual;
20:59:37.0781 3792 ============================================================
20:59:38.0327 3792 Abiosdsk - ok
20:59:38.0359 3792 abp480n5 - ok
20:59:38.0421 3792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:59:38.0437 3792 ACPI - ok
20:59:38.0499 3792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:59:38.0515 3792 ACPIEC - ok
20:59:38.0531 3792 adpu160m - ok
20:59:38.0593 3792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:59:38.0609 3792 aec - ok
20:59:38.0702 3792 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:59:38.0702 3792 AFD - ok
20:59:38.0718 3792 Aha154x - ok
20:59:38.0734 3792 aic78u2 - ok
20:59:38.0765 3792 aic78xx - ok
20:59:38.0796 3792 AliIde - ok
20:59:38.0812 3792 amsint - ok
20:59:38.0859 3792 asc - ok
20:59:38.0874 3792 asc3350p - ok
20:59:38.0890 3792 asc3550 - ok
20:59:38.0952 3792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:59:38.0952 3792 AsyncMac - ok
20:59:38.0999 3792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:59:38.0999 3792 atapi - ok
20:59:39.0015 3792 Atdisk - ok
20:59:39.0077 3792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:59:39.0077 3792 Atmarpc - ok
20:59:39.0156 3792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:59:39.0156 3792 audstub - ok
20:59:39.0312 3792 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
20:59:39.0327 3792 avgio - ok
20:59:39.0437 3792 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:59:39.0452 3792 avgntflt - ok
20:59:39.0515 3792 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:59:39.0546 3792 avipbb - ok
20:59:39.0624 3792 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
20:59:39.0624 3792 BANTExt - ok
20:59:39.0718 3792 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:59:39.0734 3792 BCM43XX - ok
20:59:39.0812 3792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:59:39.0812 3792 Beep - ok
20:59:39.0827 3792 catchme - ok
20:59:39.0890 3792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:59:39.0906 3792 cbidf2k - ok
20:59:39.0921 3792 cd20xrnt - ok
20:59:39.0968 3792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:59:39.0984 3792 Cdaudio - ok
20:59:40.0046 3792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:59:40.0062 3792 Cdfs - ok
20:59:40.0234 3792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:59:40.0249 3792 Cdrom - ok
20:59:40.0265 3792 Changer - ok
20:59:40.0374 3792 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:59:40.0374 3792 CmBatt - ok
20:59:40.0406 3792 CmdIde - ok
20:59:40.0421 3792 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:59:40.0421 3792 Compbatt - ok
20:59:40.0452 3792 Cpqarray - ok
20:59:40.0484 3792 dac2w2k - ok
20:59:40.0499 3792 dac960nt - ok
20:59:40.0546 3792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:59:40.0546 3792 Disk - ok
20:59:40.0656 3792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:59:40.0718 3792 dmboot - ok
20:59:40.0781 3792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:59:40.0796 3792 dmio - ok
20:59:40.0843 3792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:59:40.0843 3792 dmload - ok
20:59:40.0906 3792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:59:40.0906 3792 DMusic - ok
20:59:40.0937 3792 dpti2o - ok
20:59:40.0968 3792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:59:40.0968 3792 drmkaud - ok
20:59:41.0046 3792 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:59:41.0046 3792 E100B - ok
20:59:41.0171 3792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:59:41.0187 3792 Fastfat - ok
20:59:41.0281 3792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:59:41.0296 3792 Fdc - ok
20:59:41.0327 3792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:59:41.0343 3792 Fips - ok
20:59:41.0359 3792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:59:41.0374 3792 Flpydisk - ok
20:59:41.0406 3792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:59:41.0421 3792 FltMgr - ok
20:59:41.0484 3792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:59:41.0484 3792 Fs_Rec - ok
20:59:41.0515 3792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:59:41.0531 3792 Ftdisk - ok
20:59:41.0562 3792 g8zd3c.sys - ok
20:59:41.0624 3792 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:59:41.0624 3792 GEARAspiWDM - ok
20:59:41.0656 3792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:59:41.0656 3792 Gpc - ok
20:59:41.0749 3792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:59:41.0765 3792 HidUsb - ok
20:59:41.0859 3792 hpn - ok
20:59:41.0937 3792 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:59:41.0952 3792 HSFHWICH - ok
20:59:42.0031 3792 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:59:42.0156 3792 HSF_DP - ok
20:59:42.0249 3792 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
20:59:42.0249 3792 HTCAND32 - ok
20:59:42.0327 3792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:59:42.0327 3792 HTTP - ok
20:59:42.0359 3792 i2omgmt - ok
20:59:42.0374 3792 i2omp - ok
20:59:42.0452 3792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:59:42.0468 3792 i8042prt - ok
20:59:42.0624 3792 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:59:42.0671 3792 ialm - ok
20:59:42.0702 3792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:59:42.0702 3792 Imapi - ok
20:59:42.0734 3792 ini910u - ok
20:59:42.0796 3792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:59:42.0796 3792 IntelIde - ok
20:59:42.0827 3792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:59:42.0827 3792 intelppm - ok
20:59:42.0906 3792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:59:42.0921 3792 Ip6Fw - ok
20:59:42.0968 3792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:59:42.0984 3792 IpFilterDriver - ok
20:59:42.0999 3792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:59:42.0999 3792 IpInIp - ok
20:59:43.0062 3792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:59:43.0077 3792 IpNat - ok
20:59:43.0156 3792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:59:43.0156 3792 IPSec - ok
20:59:43.0171 3792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:59:43.0187 3792 IRENUM - ok
20:59:43.0218 3792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:59:43.0234 3792 isapnp - ok
20:59:43.0327 3792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:59:43.0343 3792 Kbdclass - ok
20:59:43.0374 3792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:59:43.0374 3792 kmixer - ok
20:59:43.0452 3792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:59:43.0452 3792 KSecDD - ok
20:59:43.0484 3792 lbrtfdc - ok
20:59:43.0577 3792 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:59:43.0593 3792 MBAMProtector - ok
20:59:43.0671 3792 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:59:43.0687 3792 mdmxsdk - ok
20:59:43.0921 3792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:59:43.0937 3792 mnmdd - ok
20:59:43.0999 3792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:59:43.0999 3792 Modem - ok
20:59:44.0093 3792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:59:44.0109 3792 Mouclass - ok
20:59:44.0187 3792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:59:44.0187 3792 mouhid - ok
20:59:44.0234 3792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:59:44.0249 3792 MountMgr - ok
20:59:44.0281 3792 mraid35x - ok
20:59:44.0374 3792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:59:44.0390 3792 MRxDAV - ok
20:59:44.0499 3792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:59:44.0515 3792 MRxSmb - ok
20:59:44.0562 3792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:59:44.0577 3792 Msfs - ok
20:59:44.0718 3792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:59:44.0718 3792 MSKSSRV - ok
20:59:44.0749 3792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:59:44.0749 3792 MSPCLOCK - ok
20:59:44.0781 3792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:59:44.0781 3792 MSPQM - ok
20:59:44.0843 3792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:59:44.0843 3792 mssmbios - ok
20:59:44.0921 3792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:59:44.0921 3792 Mup - ok
20:59:44.0952 3792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:59:44.0968 3792 NDIS - ok
20:59:45.0046 3792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:59:45.0046 3792 NdisTapi - ok
20:59:45.0077 3792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:59:45.0077 3792 Ndisuio - ok
20:59:45.0156 3792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:59:45.0171 3792 NdisWan - ok
20:59:45.0218 3792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:59:45.0218 3792 NDProxy - ok
20:59:45.0281 3792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:59:45.0281 3792 NetBIOS - ok
20:59:45.0327 3792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:59:45.0343 3792 NetBT - ok
20:59:45.0515 3792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:59:45.0515 3792 Npfs - ok
20:59:45.0577 3792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:59:45.0656 3792 Ntfs - ok
20:59:45.0734 3792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:59:45.0734 3792 Null - ok
20:59:45.0827 3792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:59:45.0843 3792 NwlnkFlt - ok
20:59:45.0906 3792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:59:45.0921 3792 NwlnkFwd - ok
20:59:45.0921 3792 Suspicious service (NoAccess): ogokrzgrv
20:59:45.0984 3792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:59:45.0999 3792 Parport - ok
20:59:46.0015 3792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:59:46.0031 3792 PartMgr - ok
20:59:46.0046 3792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:59:46.0062 3792 ParVdm - ok
20:59:46.0093 3792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:59:46.0109 3792 PCI - ok
20:59:46.0124 3792 PCIDump - ok
20:59:46.0202 3792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:59:46.0202 3792 PCIIde - ok
20:59:46.0281 3792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:59:46.0296 3792 Pcmcia - ok
20:59:46.0312 3792 PDCOMP - ok
20:59:46.0343 3792 PDFRAME - ok
20:59:46.0359 3792 PDRELI - ok
20:59:46.0374 3792 PDRFRAME - ok
20:59:46.0406 3792 perc2 - ok
20:59:46.0421 3792 perc2hib - ok
20:59:46.0499 3792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:59:46.0515 3792 PptpMiniport - ok
20:59:46.0593 3792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:59:46.0593 3792 PSched - ok
20:59:46.0640 3792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:59:46.0656 3792 Ptilink - ok
20:59:46.0734 3792 ql1080 - ok
20:59:46.0765 3792 Ql10wnt - ok
20:59:46.0812 3792 ql12160 - ok
20:59:46.0843 3792 ql1240 - ok
20:59:46.0890 3792 ql1280 - ok
20:59:47.0077 3792 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
20:59:47.0093 3792 RapportCerberus_34302 - ok
20:59:47.0281 3792 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:59:47.0296 3792 RapportEI - ok
20:59:47.0374 3792 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
20:59:47.0374 3792 RapportIaso - ok
20:59:47.0515 3792 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
20:59:47.0515 3792 RapportKELL - ok
20:59:47.0624 3792 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:59:47.0640 3792 RapportPG - ok
20:59:47.0687 3792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:59:47.0687 3792 RasAcd - ok
20:59:47.0781 3792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:59:47.0796 3792 Rasl2tp - ok
20:59:47.0827 3792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:59:47.0843 3792 RasPppoe - ok
20:59:47.0874 3792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:59:47.0890 3792 Raspti - ok
20:59:47.0921 3792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:59:47.0937 3792 Rdbss - ok
20:59:47.0968 3792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:59:47.0984 3792 RDPCDD - ok
20:59:48.0109 3792 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:59:48.0109 3792 RDPWD - ok
20:59:48.0202 3792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:59:48.0218 3792 redbook - ok
20:59:48.0452 3792 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:59:48.0577 3792 SASDIFSV - ok
20:59:48.0640 3792 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:59:48.0671 3792 SASKUTIL - ok
20:59:48.0765 3792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:59:48.0781 3792 Secdrv - ok
20:59:49.0109 3792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:59:49.0124 3792 Serial - ok
20:59:49.0249 3792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:59:49.0249 3792 Sfloppy - ok
20:59:49.0281 3792 Simbad - ok
20:59:49.0312 3792 Sparrow - ok
20:59:49.0359 3792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:59:49.0359 3792 splitter - ok
20:59:49.0452 3792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:59:49.0468 3792 sr - ok
20:59:49.0546 3792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:59:49.0562 3792 Srv - ok
20:59:49.0624 3792 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:59:49.0640 3792 ssmdrv - ok
20:59:49.0718 3792 STAC97 (19fcec67aaffab07ba358860a602cb4a) C:\WINDOWS\system32\drivers\STAC97.sys
20:59:49.0749 3792 STAC97 - ok
20:59:49.0827 3792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:59:49.0843 3792 swenum - ok
20:59:50.0031 3792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:59:50.0031 3792 swmidi - ok
20:59:50.0077 3792 symc810 - ok
20:59:50.0093 3792 symc8xx - ok
20:59:50.0109 3792 sym_hi - ok
20:59:50.0140 3792 sym_u3 - ok
20:59:50.0156 3792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:59:50.0171 3792 sysaudio - ok
20:59:50.0327 3792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:59:50.0343 3792 Tcpip - ok
20:59:50.0390 3792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:59:50.0390 3792 TDPIPE - ok
20:59:50.0421 3792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:59:50.0421 3792 TDTCP - ok
20:59:50.0484 3792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:59:50.0484 3792 TermDD - ok
20:59:50.0515 3792 TosIde - ok
20:59:50.0593 3792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:59:50.0593 3792 Udfs - ok
20:59:50.0624 3792 UIUSys - ok
20:59:50.0640 3792 ultra - ok
20:59:50.0687 3792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:59:50.0718 3792 Update - ok
20:59:50.0827 3792 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:59:50.0843 3792 USBAAPL - ok
20:59:50.0921 3792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:59:50.0937 3792 usbccgp - ok
20:59:51.0046 3792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:59:51.0062 3792 usbehci - ok
20:59:51.0124 3792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:59:51.0140 3792 usbhub - ok
20:59:51.0187 3792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:59:51.0202 3792 usbprint - ok
20:59:51.0249 3792 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:59:51.0249 3792 usbscan - ok
20:59:51.0296 3792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:59:51.0312 3792 USBSTOR - ok
20:59:51.0343 3792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:59:51.0359 3792 usbuhci - ok
20:59:51.0406 3792 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:59:51.0421 3792 usb_rndisx - ok
20:59:51.0484 3792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:59:51.0499 3792 VgaSave - ok
20:59:51.0562 3792 ViaIde - ok
20:59:51.0593 3792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:59:51.0593 3792 VolSnap - ok
20:59:51.0718 3792 waclient (d87fd3fac4d99a3d471e101c3d7d30ba) C:\WINDOWS\system32\drivers\waclient.sys
20:59:51.0734 3792 waclient - ok
20:59:51.0749 3792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:59:51.0765 3792 Wanarp - ok
20:59:51.0843 3792 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:59:51.0906 3792 Wdf01000 - ok
20:59:51.0921 3792 WDICA - ok
20:59:51.0968 3792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:59:51.0984 3792 wdmaud - ok
20:59:52.0093 3792 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:59:52.0156 3792 winachsf - ok
20:59:52.0359 3792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:59:52.0359 3792 WS2IFSL - ok
20:59:52.0499 3792 xpsec - ok
20:59:52.0546 3792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:59:52.0827 3792 \Device\Harddisk0\DR0 - ok
20:59:52.0843 3792 Boot (0x1200) (1f17a448c2a860740c53342023a1d136) \Device\Harddisk0\DR0\Partition0
20:59:52.0843 3792 \Device\Harddisk0\DR0\Partition0 - ok
20:59:52.0843 3792 ============================================================
20:59:52.0843 3792 Scan finished
20:59:52.0843 3792 ============================================================
20:59:52.0874 3788 Detected object count: 0
20:59:52.0874 3788 Actual detected object count: 0



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 22:15:18
-----------------------------
22:15:18.687 OS Version: Windows 5.1.2600 Service Pack 3
22:15:18.687 Number of processors: 1 586 0xD06
22:15:18.687 ComputerName: LAPTOP UserName: helen
22:15:19.452 Initialize success
22:15:35.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:15:35.265 Disk 0 Vendor: FUJITSU_MHV2040AH 00000096 Size: 38154MB BusType: 3
22:15:35.296 Disk 0 MBR read successfully
22:15:35.296 Disk 0 MBR scan
22:15:35.296 Disk 0 Windows XP default MBR code
22:15:35.296 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 78 MB offset 63
22:15:35.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 35252 MB offset 160650
22:15:35.327 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 2816 MB offset 72356760
22:15:35.343 Disk 0 scanning sectors +78124095
22:15:35.359 Disk 0 malicious Win32:MBRoot code @ sector 78124098 !
22:15:35.452 Disk 0 scanning C:\WINDOWS\system32\drivers
22:15:45.109 Service scanning
22:16:00.781 Modules scanning
22:16:09.374 Disk 0 trace - called modules:
22:16:09.406 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:16:09.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a58cab8]
22:16:09.406 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a5fc030]
22:16:09.406 Scan finished successfully
22:18:09.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\helen\Desktop\MBR.dat"
22:18:09.765 The log file has been saved successfully to "C:\Documents and Settings\helen\Desktop\aswMBR.txt"

Thanks again Jay

Attached file: MBR.zip (525 bytes)


#4 nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 March 2012 - 09:36 AM

Please run the ComboFix again and post the log.
p.s. You may be asked to update the program, do it.

===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#5 jayw1966

  • Topic Starter
  • Members
  • 9 posts

Posted 04 March 2012 - 04:39 PM

Hi, here are the requested logs. I remember the original virus was System Check, which wanted me to give card details, just in case that's relevant. The computer seems to have problems installing some updates and System Restore doesn't seem to work. I have made sure it's on, but it will only show one restore point, usually from the same day. It also gets really slow or crashes, online and off, but this is random. (Using it now online and it seems OK.)

Cheers Jay.

Combofix log:

ComboFix 12-03-04.01 - helen 04/03/2012 21:11:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1271.800 [GMT 0:00]
Running from: c:\documents and settings\helen\Desktop\Combo_Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:38 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-28 12:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-28 12:23 . 2012-02-28 12:23 -------- d-----w- c:\program files\Apple Software Update
2012-02-27 22:38 . 2012-02-27 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\helen\Application Data\Malwarebytes
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-27 17:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2011-12-18 09:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-21 07:42 . 2012-01-24 14:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^helen^Start Menu^Programs^Startup^_uninst_81524076.lnk]
path=c:\documents and settings\helen\Start Menu\Programs\Startup\_uninst_81524076.lnk
backup=c:\windows\pss\_uninst_81524076.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 15:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 15:59 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 16:03 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 15:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-07 21:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [18/12/2011 09:11 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [31/01/2011 12:14 55536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/05/2011 10:54 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/02/2012 17:18 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/02/2012 17:18 20464]
S2 ogokrzgrv;Windows Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S3 g8zd3c.sys;g8zd3c.sys;\??\c:\windows\system32\drivers\g8zd3c.sys --> c:\windows\system32\drivers\g8zd3c.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [23/09/2011 11:37 24576]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [09/08/2011 12:56 21520]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://uhbwatchguard.ubht.nhs.uk/wa/AccessClientLoader.cab
FF - ProfilePath - c:\documents and settings\helen\Application Data\Mozilla\Firefox\Profiles\22f5hdgf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc73748&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 21:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ogokrzgrv]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-03-04 21:21:54
ComboFix-quarantined-files.txt 2012-03-04 21:21
ComboFix2.txt 2012-02-28 15:58
.
Pre-Run: 9,940,332,544 bytes free
Post-Run: 9,950,785,536 bytes free
.
- - End Of File - - D5BDC44119B3E1ED0C73823AC8B09CAB


checkup log:

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
Adobe Flash Player 10.0.22.87 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#6 nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 March 2012 - 10:18 AM

This is the result of the infection. We have to find out if it's dormant or active.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services


Download and run HAMeb_check.exe
Post the contents of the resulting log.
===

I will also need to see this log.

Please download this file, place it on your desktop and run it.
http://www2.gmer.net/mbr/mbr.exe
It will run very fast.

Search the (mbr.log) inside your computer (it will be in Notepad) and post its content here.
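The open ports nasdaq singles out above, and the svchost-hosted "Windows Network" service whose ServiceDll appears further down the same ComboFix log, are the entries a reviewer picks out by hand. The following is an added example, not ComboFix's code or the helper's tool: a small Python parser that pulls both kinds of entry out of a ComboFix log and flags anything outside an analyst-maintained baseline. The two baseline sets are assumptions for the example, and the sample excerpt is constructed from lines of the log posted above.

```python
"""Triage helper for the firewall and service entries in a ComboFix log.
Added example for this thread; it is not ComboFix's code or the helper's tool.
The two baselines below are assumptions an analyst would tune per machine."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Ports a stock Windows XP SP3 firewall opens for file and printer sharing
# (assumption: anything else in GloballyOpenPorts needs an explanation).
BASELINE_PORTS = {"139:TCP", "445:TCP", "137:UDP", "138:UDP"}

# Service DLLs expected under "svchost.exe -k netsvcs" on XP.  Assumption: a
# deliberately short allowlist; a real one is generated from a known-clean box.
KNOWN_NETSVCS_DLLS = {"wuauserv.dll", "shsvcs.dll", "browser.dll", "seclogon.dll"}

# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/02/2012 17:18 652360]
S2 ogokrzgrv;Windows Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S3 g8zd3c.sys;g8zd3c.sys;\??\c:\windows\system32\drivers\g8zd3c.sys --> c:\windows\system32\drivers\g8zd3c.sys [?]
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ogokrzgrv]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix service line: "S2 name;display name;image path [dd/mm/yyyy hh:mm size]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?:\s+\[[^\]]*\])?$")


@dataclass
class Findings:
    open_ports: Dict[str, str] = field(default_factory=dict)            # "3389:TCP" -> label
    suspect_ports: List[str] = field(default_factory=list)
    svchost_services: Dict[str, Optional[str]] = field(default_factory=dict)  # name -> ServiceDll
    suspect_services: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Findings:
    """One pass over the log collecting firewall exceptions and svchost-hosted
    services, then a check of each service's ServiceDll against the allowlist."""
    f = Findings()
    service_dlls: Dict[str, str] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):            # ComboFix separates blocks with a lone "."
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        if section is None:              # service lines live outside any [key] block
            s = SERVICE_RE.match(line)
            if s and "svchost.exe" in s.group("image").lower():
                f.svchost_services[s.group("name")] = None
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, data = v.group("name"), v.group("data").strip().strip('"')
        if section.endswith("globallyopenports\\list"):
            f.open_ports[name] = data.rsplit(":", 1)[-1]   # "3389:TCP:Remote Desktop" -> label
            if name not in BASELINE_PORTS and name not in f.suspect_ports:
                f.suspect_ports.append(name)
        elif "\\services\\" in section and name.lower() == "servicedll":
            service_dlls[section.rsplit("\\", 1)[-1]] = data
    for svc in list(f.svchost_services):
        dll = service_dlls.get(svc.lower())
        f.svchost_services[svc] = dll
        basename = dll.rsplit("\\", 1)[-1].lower() if dll else None
        if basename not in KNOWN_NETSVCS_DLLS:   # unknown or missing DLL: worth a look
            f.suspect_services.append(svc)
    return f


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for port in found.suspect_ports:
        print(f"firewall exception outside baseline: {port} ({found.open_ports[port]})")
    for svc in found.suspect_services:
        print(f"svchost service with unrecognised ServiceDll: {svc} -> {found.svchost_services[svc]}")
```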

#7 jayw1966

  • Topic Starter
  • Members
  • 9 posts

Posted 05 March 2012 - 01:25 PM

Requested logs:

C:\Documents and Settings\helen\Desktop\HAMeb_check.exe
05/03/2012 at 18:19:40.92

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x04A8143F
malicious code @ sector 0x04A81442 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services


~~ EOF ~~


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2040AH rev.00000096 -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: error reading MBR


Cheers Jay
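Both MBR scanners in this thread point at the same sectors, mbr.exe in hex and aswMBR in decimal. The block below is an added example, not code from Gmer, AVAST or the helper: it normalises the two reports and places the flagged sectors against the partition table aswMBR printed, tracking the whole-MB rounding of aswMBR's sizes so the verdict is not overstated. The excerpts are constructed from lines of the logs posted above.

```python
"""Cross-check of the MBR scanner output posted in this thread.  Added example,
not code from Gmer, AVAST or the helper.  mbr.exe reports sectors in hex and
aswMBR in decimal, so the first step is to put both on one scale; the second is
to see where those sectors fall against the partition table aswMBR printed."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES   # 2048; aswMBR rounds sizes to whole MB

# Constructed excerpts: lines copied from the aswMBR and mbr.exe logs in this thread.
ASWMBR_EXCERPT = """\
22:15:35.265 Disk 0 Vendor: FUJITSU_MHV2040AH 00000096 Size: 38154MB BusType: 3
22:15:35.296 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 78 MB offset 63
22:15:35.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 35252 MB offset 160650
22:15:35.327 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 2816 MB offset 72356760
22:15:35.359 Disk 0 malicious Win32:MBRoot code @ sector 78124098 !
"""
MBR_EXE_EXCERPT = """\
copy of MBR has been found in sector 0x04A8143F
malicious code @ sector 0x04A81442 !
"""

PARTITION_RE = re.compile(r"Partition (\d+) .*? (\d+) MB offset (\d+)$")
DISK_SIZE_RE = re.compile(r"Size: (\d+)MB")
HEX_SECTOR_RE = re.compile(r"sector (0x[0-9A-Fa-f]+)")
DEC_SECTOR_RE = re.compile(r"@ sector (\d+)\b")

Partition = Tuple[int, int, int]   # (number, first sector, sector count rounded to 1 MB)


def parse_partitions(text: str) -> List[Partition]:
    parts: List[Partition] = []
    for line in text.splitlines():
        m = PARTITION_RE.search(line)
        if m:
            num, size_mb, offset = (int(x) for x in m.groups())
            parts.append((num, offset, size_mb * SECTORS_PER_MB))
    return parts


def disk_sectors(text: str) -> int:
    m = DISK_SIZE_RE.search(text)
    if not m:
        raise ValueError("no disk size line in aswMBR output")
    return int(m.group(1)) * SECTORS_PER_MB


def sectors_from_mbr_exe(text: str) -> List[int]:
    """mbr.exe prints hex, e.g. 0x04A8143F -> 78124095."""
    return [int(h, 16) for h in HEX_SECTOR_RE.findall(text)]


def sectors_from_aswmbr(text: str) -> List[int]:
    return [int(d) for d in DEC_SECTOR_RE.findall(text)]


@dataclass
class Location:
    sector: int
    partition: Optional[int]      # partition number containing the sector, or None
    past_last_partition: int      # sectors beyond the rounded end of the last partition (0 if inside one)
    before_disk_end: int          # sectors left before the rounded end of the disk
    near_boundary: bool           # within 1 MB of a boundary, i.e. inside the rounding error


def locate(sector: int, parts: List[Partition], disk: int) -> Location:
    """Place a sector against the (rounded) partition table."""
    inside = None
    boundaries = [disk]
    for num, start, count in parts:
        boundaries += [start, start + count]
        if start <= sector < start + count:
            inside = num
    last_end = max(start + count for _, start, count in parts)
    past = max(0, sector - last_end) if inside is None else 0
    near = min(abs(sector - b) for b in boundaries) < SECTORS_PER_MB
    return Location(sector, inside, past, disk - sector, near)


def report() -> List[Location]:
    parts = parse_partitions(ASWMBR_EXCERPT)
    disk = disk_sectors(ASWMBR_EXCERPT)
    flagged = sorted(set(sectors_from_mbr_exe(MBR_EXE_EXCERPT) + sectors_from_aswmbr(ASWMBR_EXCERPT)))
    return [locate(s, parts, disk) for s in flagged]


if __name__ == "__main__":
    for loc in report():
        where = (f"partition {loc.partition}" if loc.partition
                 else f"{loc.past_last_partition} sectors past the last partition")
        print(f"sector {loc.sector}: {where}, {loc.before_disk_end} sectors before disk end"
              + (" (within MB rounding of a boundary)" if loc.near_boundary else ""))
```

For this log both tools agree on sector 78124098, and the flagged sectors sit a few hundred sectors past the rounded end of partition 3 and roughly 7.5 MB before the end of the disk, which is why aswMBR started its raw-sector scan at +78124095.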

#8 nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 March 2012 - 09:11 AM

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state.

If you are unwilling to take such a risk, you should not execute the command below, and you will either need to restore your computer to a factory state or allow your computer to keep an infected MBR (the latter is not recommended).

If you wish to proceed execute this.


Open the Start > Run box, type cmd and hit the OK button.

At the DOS prompt type mbr.exe -f (make sure you have a space between the exe and the -f)

hit the enter key.

Type exit at the prompt and hit the enter key.

Restart the computer normally.

==

Run the mbr.exe again.
Let me see the results.

How is it now?
===

Please post the log and include a fresh ComboFix log for my review.

#9 jayw1966

  • Topic Starter
  • Members
  • 9 posts

Posted 06 March 2012 - 05:40 PM

Hello again,

Followed instructions; logs posted below. The laptop does seem to run better: it's not freezing up so far, touch wood, and CPU usage in Task Manager is generally low with the odd jump up. One thing I forgot to mention before was a lot of files (around 300) in the C:\Windows folder, highlighted blue with the file name $NTUninstall. These are all first in the folder before the usual folders start alphabetically. Is it looking clean?

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2040AH rev.00000096 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 78124095



combofix:


ComboFix 12-03-04.01 - helen 06/03/2012 20:34:51.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1271.752 [GMT 0:00]
Running from: c:\documents and settings\helen\Desktop\Combo_Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:38 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-28 12:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-28 12:23 . 2012-02-28 12:23 -------- d-----w- c:\program files\Apple Software Update
2012-02-27 22:38 . 2012-02-27 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\helen\Application Data\Malwarebytes
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-27 17:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2011-12-18 09:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-21 07:42 . 2012-01-24 14:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^helen^Start Menu^Programs^Startup^_uninst_81524076.lnk]
path=c:\documents and settings\helen\Start Menu\Programs\Startup\_uninst_81524076.lnk
backup=c:\windows\pss\_uninst_81524076.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 15:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 15:59 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 16:03 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 15:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-07 21:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [18/12/2011 09:11 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [31/01/2011 12:14 55536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/05/2011 10:54 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/02/2012 17:18 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/02/2012 17:18 20464]
S2 ogokrzgrv;Windows Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S3 g8zd3c.sys;g8zd3c.sys;\??\c:\windows\system32\drivers\g8zd3c.sys --> c:\windows\system32\drivers\g8zd3c.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [23/09/2011 11:37 24576]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [09/08/2011 12:56 21520]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://uhbwatchguard.ubht.nhs.uk/wa/AccessClientLoader.cab
FF - ProfilePath - c:\documents and settings\helen\Application Data\Mozilla\Firefox\Profiles\22f5hdgf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc73748&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ogokrzgrv]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-03-06 20:46:02
ComboFix-quarantined-files.txt 2012-03-06 20:45
ComboFix2.txt 2012-03-04 21:21
ComboFix3.txt 2012-02-28 15:58
.
Pre-Run: 9,795,608,576 bytes free
Post-Run: 9,780,432,896 bytes free
.
- - End Of File - - 5030DD9AE905F61375D3B5955A3F4F7E

Thanks Jay

#10 nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 March 2012 - 10:04 AM

Open notepad and copy/paste the text in the quote box below into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= -
"65533:TCP"=-
"52344:TCP"=-


Save this as CFScript on your desktop.

[Image: CFScript being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
===

Please let me know if all is well.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

#11 jayw1966

jayw1966
  • Topic Starter

  • Members
  • 9 posts

Posted 07 March 2012 - 04:32 PM

Hi, here's the latest ComboFix log. I updated Reader and Flash too. It seems to be running OK, no apparent issues. There are more restore points in System Restore now too, back to February 28th.

I noticed in the log the file sgnfzen.dll. Avira flagged this up as a hidden file during a scan, if that has any bearing.


ComboFix 12-03-04.01 - helen 07/03/2012 17:38:09.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1271.634 [GMT 0:00]
Running from: c:\documents and settings\helen\Desktop\Combo_Fix.exe
Command switches used :: c:\documents and settings\helen\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:38 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-28 12:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-28 12:23 . 2012-02-28 12:23 -------- d-----w- c:\program files\Apple Software Update
2012-02-27 22:38 . 2012-02-27 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\helen\Application Data\Malwarebytes
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-27 17:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2011-12-18 09:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-21 07:42 . 2012-01-24 14:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^helen^Start Menu^Programs^Startup^_uninst_81524076.lnk]
path=c:\documents and settings\helen\Start Menu\Programs\Startup\_uninst_81524076.lnk
backup=c:\windows\pss\_uninst_81524076.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 15:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 15:59 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 16:03 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 15:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-07 21:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [18/12/2011 09:11 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [31/01/2011 12:14 55536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/05/2011 10:54 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/02/2012 17:18 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/02/2012 17:18 20464]
S2 ogokrzgrv;Windows Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S3 g8zd3c.sys;g8zd3c.sys;\??\c:\windows\system32\drivers\g8zd3c.sys --> c:\windows\system32\drivers\g8zd3c.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [23/09/2011 11:37 24576]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [09/08/2011 12:56 21520]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://uhbwatchguard.ubht.nhs.uk/wa/AccessClientLoader.cab
FF - ProfilePath - c:\documents and settings\helen\Application Data\Mozilla\Firefox\Profiles\22f5hdgf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc73748&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 17:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ogokrzgrv]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-03-07 17:49:04
ComboFix-quarantined-files.txt 2012-03-07 17:49
ComboFix2.txt 2012-03-06 20:46
ComboFix3.txt 2012-03-04 21:21
ComboFix4.txt 2012-02-28 15:58
.
Pre-Run: 9,703,403,520 bytes free
Post-Run: 9,685,979,136 bytes free
.
- - End Of File - - 5E767A51F2BB18AD37E84AFC3034B6A6

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 March 2012 - 10:40 AM

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\sgnfzen.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ogokrzgrv]


Save this as CFScript on your desktop.

[Image: CFScript being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
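As an added defender-side example (not part of this thread, and not ComboFix's own code), the script below scans ComboFix-style log text for the two patterns the CFScripts in posts #10 and #12 target: entries under the firewall's GloballyOpenPorts\List key, and a service hosted by `svchost.exe -k netsvcs` that is not on a partial, assumed allowlist of Windows XP netsvcs members, together with the ServiceDll the log records for it. The sample log is constructed from lines quoted in the thread and is not a complete or real log.

```python
import re

# Constructed sample, modelled on the ComboFix log lines and the CFScript
# entries quoted in this thread; it is not a complete or real log.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/02/2012 17:18 652360]
R2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S2 ogokrzgrv;Windows Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"65533:TCP"= 65533:TCP:*:Enabled:constructed-sample
"52344:TCP"= 52344:TCP:*:Enabled:constructed-sample
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ogokrzgrv]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
"""

# Partial allowlist of Windows XP services that legitimately run inside
# "svchost.exe -k netsvcs". Assumption: a real check would take the list from
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs on a
# known-clean machine of the same build.
KNOWN_NETSVCS = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dhcp", "dmserver",
    "ersvc", "eventsystem", "helpsvc", "lanmanserver", "lanmanworkstation",
    "netman", "nla", "rasauto", "rasman", "schedule", "seclogon", "sens",
    "sharedaccess", "shellhwdetection", "srservice", "tapisrv", "themes",
    "trkwks", "w32time", "winmgmt", "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}

# ComboFix service lines: "<R|S><n> name;display name;image path [date size]"
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*?)\s+\[", re.M)
SECTION_HDR = re.compile(r"^\[([^\]]+)\]$")
KV_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PORT_KEY = re.compile(r"^(\d{1,5}):(TCP|UDP)$", re.I)


def parse_sections(text):
    """Group each REGEDIT-style '[key]' header (lower-cased) with its "name"=value lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        hdr = SECTION_HDR.match(line)
        if hdr:
            current = hdr.group(1).lower()
            sections.setdefault(current, {})
        elif line in ("", "."):          # ComboFix separates blocks with a lone '.'
            current = None
        elif current is not None:
            kv = KV_LINE.match(line)
            if kv:
                sections[current][kv.group(1)] = kv.group(2).strip()
    return sections


def netsvcs_services(text):
    """Names of services whose image is 'svchost.exe -k netsvcs' (R*/S* lines)."""
    return [name.strip() for name, _display, image in SERVICE_LINE.findall(text)
            if re.search(r"svchost\.exe\s+-k\s+netsvcs", image, re.I)]


def service_dlls(sections):
    """Map service name -> ServiceDll for every ...\\Services\\<name> key in the log."""
    dlls = {}
    for key, values in sections.items():
        m = re.search(r"\\services\\([^\\]+)$", key)
        if m and "ServiceDll" in values:
            dlls[m.group(1)] = values["ServiceDll"].strip('"')
    return dlls


def suspicious_netsvcs(text):
    """(service, ServiceDll or None) for netsvcs-hosted services not on the allowlist."""
    dlls = service_dlls(parse_sections(text))
    return [(svc, dlls.get(svc.lower())) for svc in netsvcs_services(text)
            if svc.lower() not in KNOWN_NETSVCS]


def globally_open_ports(sections):
    """(port, protocol, raw value) for every entry under a GloballyOpenPorts\\List key."""
    found = []
    for key, values in sections.items():
        if key.endswith("globallyopenports\\list"):
            for name, value in values.items():
                m = PORT_KEY.match(name)
                if m:
                    found.append((int(m.group(1)), m.group(2).upper(), value))
    return sorted(found)


if __name__ == "__main__":
    for svc, dll in suspicious_netsvcs(SAMPLE_LOG):
        print(f"netsvcs service not on allowlist: {svc} -> ServiceDll {dll}")
    for port, proto, value in globally_open_ports(parse_sections(SAMPLE_LOG)):
        print(f"globally open port {port}/{proto}: {value}")
```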

#13 jayw1966

jayw1966
  • Topic Starter

  • Members
  • 9 posts

Posted 08 March 2012 - 05:17 PM

The latest log - thanks again for all your help, you must see these logs in your sleep!


ComboFix 12-03-04.01 - helen 08/03/2012 20:27:36.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1271.710 [GMT 0:00]
Running from: c:\documents and settings\helen\Desktop\Combo_Fix.exe
Command switches used :: c:\documents and settings\helen\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\sgnfzen.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-02-28 12:38 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-28 12:38 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-28 12:23 . 2012-02-28 12:23 -------- d-----w- c:\program files\Apple Software Update
2012-02-27 22:38 . 2012-02-27 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\helen\Application Data\Malwarebytes
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-27 17:18 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 17:18 . 2012-02-27 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 18:30 . 2011-09-22 12:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2011-12-18 09:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-21 07:42 . 2012-01-24 14:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-04_21.19.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-06 12:55 . 2011-06-06 12:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-03-07 18:08 . 2012-03-07 18:30 250528 c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
+ 2012-03-07 18:08 . 2012-03-07 18:30 335520 c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-03-07 18:18 . 2012-03-07 18:18 2295808 c:\windows\Installer\2dc9f7.msi
+ 2011-06-06 12:55 . 2011-06-06 12:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 12:55 . 2011-06-06 12:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 12:55 . 2011-06-06 12:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 12:55 . 2011-06-06 12:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\2dc9f8.msp
+ 2011-06-06 12:55 . 2011-06-06 12:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^helen^Start Menu^Programs^Startup^_uninst_81524076.lnk]
path=c:\documents and settings\helen\Start Menu\Programs\Startup\_uninst_81524076.lnk
backup=c:\windows\pss\_uninst_81524076.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 15:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 15:59 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 16:03 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 15:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-07 21:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [18/12/2011 09:11 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [31/01/2011 12:14 55536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/05/2011 10:54 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/02/2012 17:18 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/02/2012 17:18 20464]
S2 ogokrzgrv;Windows Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S3 g8zd3c.sys;g8zd3c.sys;\??\c:\windows\system32\drivers\g8zd3c.sys --> c:\windows\system32\drivers\g8zd3c.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [23/09/2011 11:37 24576]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [09/08/2011 12:56 21520]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://uhbwatchguard.ubht.nhs.uk/wa/AccessClientLoader.cab
FF - ProfilePath - c:\documents and settings\helen\Application Data\Mozilla\Firefox\Profiles\22f5hdgf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc73748&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-08 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ogokrzgrv]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-03-08 20:38:58
ComboFix-quarantined-files.txt 2012-03-08 20:38
ComboFix2.txt 2012-03-07 17:49
ComboFix3.txt 2012-03-06 20:46
ComboFix4.txt 2012-03-04 21:21
ComboFix5.txt 2012-03-08 20:25
.
Pre-Run: 9,285,795,840 bytes free
Post-Run: 9,279,287,296 bytes free
.
- - End Of File - - 5B8A2DB42FA397D13823AFAAEC6CBF6B

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 March 2012 - 08:17 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#15 jayw1966

jayw1966
  • Topic Starter

  • Members
  • 9 posts

Posted 09 March 2012 - 12:09 PM

Thanks again! A few important lessons learnt here. I, like a lot of your patients, was rather blasé regarding viruses etc., and didn't realise the damage they can cause. This site and the work you do is amazing.

Cheers!!!